303 matches found
Oracle 9i/10g - ACTIVATE_SUBSCRIPTION SQL Injection
!/usr/bin/perl Remote Oracle DBMSCDCSUBSCRIBE.ACTIVATESUBSCRIPTION exploit 9i/10g Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" REF: http://www.securityfocus.com/archive/1/396133 AUTHOR: Andrea "bunker" Purificato...
Oracle 10g - KUPW$WORKER.MAIN GrantRevoke dba Permission
Oracle 10g - KUPW$WORKER.MAIN GrantRevoke dba Permission !/usr/bin/perl Remote Oracle KUPW$WORKER.MAIN exploit 10g Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" REF: http://www.securityfocus.com/archive/1/440439 AUTHOR:...
Oracle 10g - KUPV$FT.ATTACH_JOB GrantRevoke dba Permission
Oracle 10g - KUPV$FT.ATTACHJOB GrantRevoke dba Permission !/usr/bin/perl Remote Oracle KUPV$FT.ATTACHJOB exploit 10g Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" REF: https://www.securityfocus.com/bid/16294 AUTHOR: Andre...
Oracle 10g KUPV$FT.ATTACH_JOB Grant/Revoke dba Permission Exploit
Exploit for multiple platform in category remote exploits ================================================================= Oracle 10g KUPV$FT.ATTACHJOB Grant/Revoke dba Permission Exploit ================================================================= !/usr/bin/perl Remote Oracle...
Oracle 10g - KUPV$FT.ATTACH_JOB Grant/Revoke dba Permission
!/usr/bin/perl Remote Oracle KUPV$FT.ATTACHJOB exploit 10g Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" REF: https://www.securityfocus.com/bid/16294 AUTHOR: Andrea "bunker" Purificato http://rawlab.mindcreations.com DATE...
oracle10g-2.txt
/ Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - CREATE SESSION - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA AUTONOMOUSTRANSACTION; BEGIN EXECUTE IMMEDIATE 'GRANT DBA TO TEST';...
Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL/SQL Injection Exploit
No description provided by source. / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret [email protected] Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA...
Oracle 10g SYS.KUPW$WORKER.MAIN PL/SQL Injection Exploit
Exploit for multiple platform in category local exploits ======================================================== Oracle 10g SYS.KUPW$WORKER.MAIN PL/SQL Injection Exploit ======================================================== / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret...
Oracle 10g - SYS.KUPW$WORKER.MAIN PL SQL Injection
Oracle 10g - SYS.KUPW$WORKER.MAIN PL SQL Injection / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - CREATE SESSION - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA...
Oracle 10g - SYS.KUPV$FT.ATTACH_JOB PL SQL Injection
Oracle 10g - SYS.KUPV$FT.ATTACHJOB PL SQL Injection / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA...
Oracle 10g - SYS.KUPV$FT.ATTACH_JOB PL / SQL Injection
/ Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA AUTONOMOUSTRANSACTION; BEGIN EXECUTE IMMEDIATE 'GRANT DBA TO TEST'...
Oracle <= 9i / 10g (read/write/execute) Exploitation Suite
No description provided by source. -- -- $Id: raptororaexec.sql,v 1.2 2006/11/23 23:40:16 raptor Exp $ -- -- raptororaexec.sql - java exploitation suite for oracle -- Copyright c 2006 Marco Ivaldi [email protected] -- -- This is an exploitation suite for Oracle written in Java. Use it to --...
Oracle October 2005 CPU Problems
Examining the Oracle October 2005 Critical Patch Update in depth, NGSResearchers discovered a number of problems which have all since been reported to Oracle. As well as new vulnerabilities and problems with the patches for old vulnerabilities, the October 2005 CPU fails to install the patched...
[AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SQL Injection in CREATESCNCHANGESET procedure AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-05.html April 18, 2005 Affected versions: Oracle Database Server version 10g Risk level: High Credits: This...
CVE-2004-1366
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges...
Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i
Researchers at NGSSoftware have discovered multiple high risk vulnerabilities in the Oracle Database Server. Versions affected include Oracle Database 10g - All Releases Oracle9i Database Server - All Releases The vulnerabilities include PL/SQL Injection vulnerabilities that allow low privileged...
Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H)
NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i Multiple PL/SQL injection vulnerabilities Systems Affected: Oracle 10g/AS on all operating systems Severity: High risk Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...
[Full-Disclosure] iDEFENSE Security Advisory 09.02.04b: Oracle Database Server ctxsys.driload Access Validation Vulnerability
Oracle Database Server ctxsys.driload Access Validation Vulnerability iDEFENSE Security Advisory 09.02.04b www.idefense.com/application/poi/display?id=136&type=vulnerabilities September 2, 2004 I. BACKGROUND Oracle Database Server is a family of database products that range from personal database...
Oracle Database Server 8.1.79.0.x - ctxsys.driload Access Validation
Oracle Database Server 8.1.79.0.x - ctxsys.driload Access Validation source: https://www.securityfocus.com/bid/11099/info Oracle Database Server is prone to an access validation vulnerability that may permit unprivileged users to execute commands as the DBA. This could compromise the database. SQ...
CVE-2004-1366
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges...